NDBS 2.0's configuration file format contains an entry for the path to the keystore databases (cert7.db and key3.db) and the keystore class name. Optionally, it may contain an entry for the Triple DES with CBC and standard block padding algorithm name and HMAC with SHA-1 algorithm name. The example included in the distribution (testdb file) illustrates this format.
    # Read key3.db and cert7.db from the specified directory.
    # Provide the specified directory to the key3.db and cert7.db.
    # If the backslash character is required as part of the PATH, then
    # double backslash must be used. For example, you would specify
    # a PATH=d:\ndbs\doc as PATH=d:\\ndbs\\doc.
    PATH=.

    # This allows the keystore class to be set dynamically.
    KEYSTORE_CLASS_NAME=edu.cmu.sei.cbs.ndbs.NetscapeKeyStore

    # This sets the TripleDES algorithm name dynamically.
    # Provide the Triple DES algorithm name for the crypto
    # provider installed, if it does not use one of the default
    # algorithm names DESede/CBC/PKCS5Padding or Triple-DES/CBC.
    # For example, you may specify an algorithm name as
    # TRIPLE_DES_ALGORITHM_NAME=DESede/CBC/PKCS5Padding with no
    # quotes around the algorithm name.
    # TRIPLE_DES_ALGORITHM_NAME=

    # This sets the HmacSha1 algorithm name dynamically.
    # Provide the HMAC with SHA-1 algorithm name for the crypto
    # provider installed, if it does not use one of the default
    # algorithm names HmacSha1, HMACwithSHA1, or HMAC/SHA.
    # For example, you may specify an algorithm name as
    # HMAC_SHA1_ALGORITHM_NAME=HmacSha1 with no quotes
    # around the algorithm name.
    # HMAC_SHA1_ALGORITHM_NAME=
Table 6: Configuration File Content
Lines within the NDBS configuration file that begin with '#' or are blank are ignored. The first non-blank, uncommented line is the PATH entry, which specifies the relative or absolute path to the directory containing key3.db and cert7.db. If the backslash character is required as part of the PATH, then a double backslash must be used. For example, if you want to specify PATH=d:\ndbs\doc, then you must have PATH=d:\\ndbs\\doc in the configuration file. The KEYSTORE_CLASS_NAME entry allows the keystore SPI implementation class to be set dynamically. Both PATH and KEYSTORE_CLASS_NAME are mandatory entries. TRIPLE_DES_ALGORITHM_NAME and HMAC_SHA1_ALGORITHM_NAME specify the Triple DES with CBC and Standard Block Padding algorithm name and the HMAC with SHA-1 algorithm name, for use when the installed crypto provider does not use any of the default algorithm names listed in the section Testing Netscape DB Keystore. Even though NDBS 2.0 currently supports only Netscape keystore files, the system is designed to provide extensibility features that will allow it to support other keystore files, such as Microsoft Crypto Service Provider (CSP) keystore files, in the future.
The downloaded file also includes a configuration file called testdbalgo that shows an example of a non-default algorithm name setting.
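The rules above can be checked before NDBS loads a file. The following linter is an added example in Python, not part of the NDBS distribution (which is Java); the names parse_ndbs_config, unescape_path and ConfigError are hypothetical, and rejecting unknown keys, duplicates, and empty or quoted values is an assumption of this example rather than documented NDBS behavior.

```python
import re

MANDATORY = ("PATH", "KEYSTORE_CLASS_NAME")
OPTIONAL = ("TRIPLE_DES_ALGORITHM_NAME", "HMAC_SHA1_ALGORITHM_NAME")

class ConfigError(ValueError):
    """Raised when a file breaks one of the format rules described above."""

def unescape_path(value):
    # Every backslash in PATH must be doubled, so any odd-length run is an error.
    for run in re.findall(r"\\+", value):
        if len(run) % 2:
            raise ConfigError("single backslash in PATH; write it as \\\\")
    return value.replace("\\\\", "\\")

def parse_ndbs_config(text):
    entries = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()  # tolerating leading whitespace is an assumption
        if not line or line.startswith("#"):
            continue  # blank and '#' lines are ignored
        key, sep, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if not sep or key not in MANDATORY + OPTIONAL:
            raise ConfigError(f"line {lineno}: unrecognised entry {raw!r}")
        if not entries and key != "PATH":
            raise ConfigError(f"line {lineno}: first entry must be PATH")
        if key in entries:
            raise ConfigError(f"line {lineno}: duplicate {key}")
        if not value or value[0] in "\"'":
            raise ConfigError(f"line {lineno}: {key} must be set, without quotes")
        entries[key] = unescape_path(value) if key == "PATH" else value
    missing = [k for k in MANDATORY if k not in entries]
    if missing:
        raise ConfigError("missing mandatory entry: " + ", ".join(missing))
    return entries

# Constructed sample input, modelled on the testdb listing above.
SAMPLE = r"""
# keystore directory on a Windows host
PATH=d:\\ndbs\\doc
KEYSTORE_CLASS_NAME=edu.cmu.sei.cbs.ndbs.NetscapeKeyStore
TRIPLE_DES_ALGORITHM_NAME=DESede/CBC/PKCS5Padding
"""

if __name__ == "__main__":
    print(parse_ndbs_config(SAMPLE))
```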